7.4 Is Weaver vulnerable to the React2Shell exploit (CVE-2025-55182)? : Weaver Technologies

7.4 Is Weaver vulnerable to the React2Shell exploit (CVE-2025-55182)? Print

Modified on: Wed, 10 Dec, 2025 at 12:12 PM

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Following applications were determined to be affected and updated accordingly:

Admin-UI
AAS-Explorer
IRIS

Did you find it helpful? Yes No

7.4 Is Weaver vulnerable to the React2Shell exploit (CVE-2025-55182)? Print

Related Articles